Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology and Support.
BOC has enabled its Government and Commercial clients to achieve their organizational initiatives through the application of high-quality, innovative and cost-effective professional services and solutions. We provide a positive working environment with opportunities for advancement in our growing Federal sector workforce.
We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave and a 401k plan. We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.
JOB SUMMARY:
Business Operational Concepts (BOC) is currently seeking a Threat Hunting and Forensics Analyst to work with our federal client. The ideal candidate will serve as a Threat Hunting and Forensics Analyst within the federal client's Cybersecurity Division, Cyber Integration Center. A highly motivated individual with strong technical, communication and organizational skills will succeed in this program.
The federal client's Threat Hunting and Forensics (THF) Team is responsible for performing two critical cyber security functions. The first is digital forensics in support of cybersecurity incidents requiring detailed analysis to reconstruct the series of events that led to a compromise or breach. The Threat Hunt and Forensics Team collects, processes, analyzes, preserves and presents computer-related evidence in support of cyber incidents, law enforcement, fraud or counterintelligence.
The THF Team also performs advanced cyber threat hunting throughout the IT enterprise, going far beyond simple indicator of compromise (IOC) sweeps. The THF Team analyzes detailed information and intelligence on known and emerging Advanced Persistent Threat (APT) and cybercriminal actors to develop attack hypotheses relevant to the federal client's IT enterprise. Working collaboratively with the client's Cyber Threat Intelligence (CTI) Team and Continuous Penetration Testing Team, threat hunts are designed to find any internal indications of adversary activity.
DUTIES AND RESPONSIBILITIES:
- Perform active cyber threat hunt activities based on current cyber threat intelligence and the MITRE ATT&CK Framework.
- Build queries, alerts and automations to monitor activities and traffic across the network.
- Perform detailed analysis to reconstruct the series of events that led to a compromise or breach.
- Collaborate with the CTI Team to establish relevant tactics, techniques and procedures for prioritized cyber actors identified in the threat model.
- Collaborate with the Security Operations Center (SOC) to continuously develop and tune alerts and automations to detect and repel threats to the federal client's operations.
- Develop cyber hunt activities based on attack hypotheses to identify indications of potential compromise or breach.
- Possess advanced knowledge across various IT platforms in order to understand how attacks occur and what residual indicators might result.
- Develop, maintain and update the Threat Hunting Concept of Operations (ConOps) and standard operating procedures (SOPs) as identified in contract deliverables.
- Collaborate with and support the Insider Threat Program.
- Execute proactive defense of the federal client's systems through IOC sweeps, host interrogation and persistent threat hunting.
- Conduct advanced analysis and adversary hunting activities in support of operations to proactively uncover evidence of adversary presence on federal client networks and follow Incident Handling processes for detected Insider Threat activity.
- Receive and apply intelligence from the CTI Team including IOCs and TTPs to hunt for activity within federal client networks.
- Provide status updates according to the reporting rhythm, maintain the daily Activities Tracker and prepare the Enterprise Forensics, Malware Analysis and Advanced Hunting Plan & SOP as identified in contract deliverables.
- Preserve the user activity monitoring audit data chain of custody in accordance with Title 5 U.S.C. (a.k.a. the Privacy Act) and in compliance with Federal and DHS regulations.
- Provide notification, escalation and daily summary reports based on security event analysis in accordance with current Federal requirements, DHS requirements and guidelines.
- Proactively search through networks to detect and isolate advanced threats that evade existing security solutions.
- Perform digital forensic analysis, including network, cloud and host-based.
- Collect, process, analyze, preserve and present computer-related evidence in support of cyber incidents, law enforcement, and fraud or counterintelligence.
- Maintain a secure sandboxing solution, simulated Internet connectivity, multiple antivirus vendor scanning capabilities and other methods to safely determine malware effects and indicators.
- Ensure that the malware lab contains appropriate digital media analysis tools and equipment (e.g., spare hard drives for replication).
- Conduct forensic analysis of digital media or package and ship media to a designated computer forensic analysis team.
- Identify, analyze, reverse engineer and de-obfuscate content related to cyber incidents in the lab environment isolated from the client's networks.
- Serve as a technical Subject Matter Expert (SME) within the team.
- Write, update and modernize SOPs in accordance with applicable Federal policies, regulations, directives and standards, including but not limited to the current NIST Publications.
- Conduct formal digital forensic investigations and document findings in formal investigation reports.
- Conduct malware analysis and provide Malware Analysis Reports.
- Develop new security content, such as network IDS signatures, endpoint and SIEM queries, and attacker TTPs, after reversing malware.
- Conduct purple team assessments in conjunction with the penetration testing team to measure effectiveness of existing logging and detection mechanisms and identify areas of improvement.
QUALIFICATIONS:
Required (Minimum) Qualifications: Education, Certification, Experience and Skills
- High School Diploma or GED (General Educational Development)
- Bachelor's degree in computer science or equivalent is preferred
- Minimum of five years hands-on experience
- Understanding of basic computer and networking technologies.
- Windows and Linux operating systems
- Networking technologies (routing, switching, VLANs, subnets, firewalls)
- Common networking protocols: SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc.
- Common enterprise technologies: Active Directory, Group Policy and the Microsoft Azure suite of cloud services.
- Understanding of current system logging technology and retrieving information from a wide range of technology platforms.
- Familiarity with the MITRE ATT&CK Framework and deep technical-level understanding of the major techniques contained within.
- Ability to work with or learn Microsoft Power BI.
- Ability to obtain and maintain Public Trust Security Clearance.
- Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. citizenship is required.
- Grasp of core THF concepts:
  - Adversary Tactics, Techniques and Procedures (TTPs): Deep familiarity with the MITRE ATT&CK framework and common APT behaviors.
  - Hypothesis-Driven Hunting: Ability to form and test analytic hypotheses based on threat intelligence and anomalous activity.
  - Data Analysis & Correlation: Skilled at leveraging SIEM, EDR and network telemetry to detect patterns and anomalies.
  - Indicators of Compromise (IOCs): Identifying, validating and operationalizing IOCs across diverse data sources.
  - Forensic & Malware Analysis Fundamentals: Understanding of how to examine artifacts, logs and malicious code behavior.
  - Automation & Scripting: Competence in Python, PowerShell or similar languages to streamline hunting workflows.
- Excellent analytical and problem-solving skills.
- Ability to work independently as well as part of a team.
- Ability to research and understand log sources for new or unfamiliar systems and learn how to distinguish between normal activity and anomalous/malicious activity on those systems.
- Familiarity with the Microsoft 365/Azure suite of products including Microsoft Sentinel and Microsoft 365 Defender.
- Ability to speak publicly within the organization at meetings with up to 100 participants.
- Willingness to take on and adapt to new open-ended tasks for which there is no current standard operating procedure.
- Ability to research independently and self-teach.
- Proficiency with common enterprise AI tools such as ChatGPT and Microsoft CoPilot to enhance productivity.
Preferred Qualifications: Education, Certification, Experience, Skills, Knowledge and Abilities
- Interest in security/hacking culture; ability to think like an attacker.
- Any threat hunting or forensics certification, especially:
  - eLearnSecurity Certified Threat Hunting Professional (eCTHPv2)
  - SANS GIAC Reverse Engineering Malware (GREM)
  - EC-Council Computer Hacking Forensic Investigator (CHFI)
- Any Microsoft 365/Azure cybersecurity certification, especially:
  - Microsoft Certified: Security, Compliance and Identity Fundamentals (SC-900)
  - Microsoft Certified: Security Operations Analyst Associate (SC-200)
  - Microsoft Certified: Azure Fundamentals (AZ-900)
  - Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- Expertise in Microsoft Power BI
- Knowledge of common enterprise technologies, policies and concepts such as:
  - Microsoft Sentinel SIEM
  - Kusto Query Language (KQL)
  - Mobile device technologies (iOS, Android)
  - Scripting experience (PowerShell, Python, etc.)
  - Azure DevOps
- Artificial Intelligence (AI) / Machine Learning (ML) expertise:
  - In-depth knowledge of AI and ML concepts.
  - How to practically apply AI/ML technologies to enhance cyber threat hunting capabilities.
  - Experience with specific AI services offered within Microsoft Azure.
Business Operational Concepts LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran or any other protected category under applicable federal, state and local laws.